ECSAV10 Online Practice Questions and Answers

An attacker with a malicious intention decided to hack confidential data from the target organization. For acquiring such information, he started testing IoT devices that are connected to the target network. He started monitoring the network traffic passing between the IoT devices and the network to verify whether credentials are being transmitted in clear text. Further, he also tried to crack the passwords using well-known keywords across all the interfaces. Which of the following IoT threats the attacker is trying to exploit?

A. Poor physical security

B. Poor authentication

C. Privacy concerns

D. Insecure firmware

Why is a legal agreement important to have before launching a penetration test?

A. Guarantees your consultant fees

B. Allows you to perform a penetration test without the knowledge and consent of the organization's upper management

C. It establishes the legality of the penetration test by documenting the scope of the project and the consent of the company.

D. It is important to ensure that the target organization has implemented mandatory security policies

Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?

A. OSPF

B. BPG

C. ATM

D. UDP

Which of the following password hashing algorithms is used in the NTLMv2 authentication mechanism?

A. AES

B. DES (ECB mode)

C. MD5

D. RC5

Which of the following external pen testing tests reveals information on price, usernames and passwords, sessions, URL characters, special instructors, encryption used, and web page behaviors?

A. Check for Directory Consistency and Page Naming Syntax of the Web Pages

B. Examine Server Side Includes (SSI)

C. Examine Hidden Fields

D. Examine E-commerce and Payment Gateways Handled by the Web Server

Which of the following is a framework of open standards developed by the Internet Engineering Task Force (IETF) that provides secure transmission of the sensitive data over an unprotected medium, such as the Internet?

A. DNSSEC

B. Netsec

C. IKE

D. IPsec

What operating system would respond to the following command?

C:\> nmap -a W 10.10.145.65

A. Mac OS X

B. Windows XP

C. Windows 95

D. FreeBSD

In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet". Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down. What will the other routers communicate between themselves?

A. More RESET packets to the affected router to get it to power back up

B. RESTART packets to the affected router to get it to power back up

C. The change in the routing fabric to bypass the affected router

D. STOP packets to all other routers warning of where the attack originated

In the TCP/IP model, the transport layer is responsible for reliability and flow control from source to the destination. TCP provides the mechanism for flow control by allowing the sending and receiving hosts to communicate. A flow control mechanism avoids the problem with a transmitting host overflowing the buffers in the receiving host.

A. Sliding Windows

B. Windowing

C. Positive Acknowledgment with Retransmission (PAR)

D. Synchronization

A firewall's decision to forward or reject traffic in network filtering is dependent upon which of the following?

A. Destination address

B. Port numbers

C. Source address

D. Protocol used